CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,461 vulnerabilities with CWE-79
CVE-2024-43985
MEDIUM
Bus Ticket Booking with Seat Reservation <= 5.3.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43977
MEDIUM
The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43938
MEDIUM
Jeroen Peters Name Directory <1.29.0 - XSS
CVSS 6.5
CVE-2024-8907
MEDIUM
Google Chrome < 129.0.6668.58 - Cross-Site Scripting via Omnibox UI Gestures
CVSS 6.1
CVE-2024-46976
MEDIUM
Backstage < 1.10.13 - Stored Cross-Site Scripting in TechDocs Content
CVSS 6.5
CVE-2024-8951
LOW
SourceCodester Resort Reservation System 1.0 - Cross-Site Scripting via manage_fee.php toview Parameter
CVSS 3.5
CVE-2024-45812
MEDIUM
Vite 3.2.11-4.5.5, 5.0.0-5.2.14, 5.3.0-5.3.6, 5.4.0-5.4.6 - XSS via DOM Clobbering in cjs/iife/umd
CVSS 6.4
CVE-2024-8660
MEDIUM
Concrete CMS 9.0.0-9.3.3 - Stored Cross-Site Scripting in Top Navigator Bar Block
CVSS 4.8
CVE-2024-45803
MEDIUM
wireui < 1.19.3 - Cross-Site Scripting via Button Label Parameter
CVSS 6.1
CVE-2024-38380
MEDIUM
Millbeckcommunications ProRoute H685T-W Firmware - Reflected XSS
CVSS 5.5
CVE-2024-38860
MEDIUM
Checkmk - Cross-Site Scripting via Malicious Links
CVSS 6.1
CVE-2024-7873
CRITICAL
Veribilim Software Veribase Order <4.010.3 - XSS
CVE-2024-5170
MEDIUM
Logo Manager For Enamad WordPress <0.7.1 - XSS
CVSS 4.8
CVE-2024-40857
MEDIUM
Safari < 18 - Universal Cross-Site Scripting
CVSS 6.1
CVE-2024-40846
MEDIUM
macOS < 14.7 - Denial of Service via Maliciously Crafted Video File
CVSS 5.5
CVE-2024-40845
MEDIUM
macOS < 14.7 - Denial of Service via Malicious Video File Processing
CVSS 5.5
CVE-2024-45800
MEDIUM
Snappymail < 2.38.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
CVSS 5.0
CVE-2024-45799
HIGH
FluxCP < 1.3.0 - Stored Cross-Site Scripting via Shop Names
CVSS 7.3
CVE-2024-39910
MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting via QuillJS WYSIWYG Editor
CVSS 5.4
CVE-2024-32034
MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting in Admin Activity Log
CVSS 6.8
CVE-2024-8661
MEDIUM
Concrete CMS <9.3.3, <8.5.19 - Stored XSS
CVSS 4.8
CVE-2024-46970
LOW
JetBrains IntelliJ IDEA < 2024.1.0 - HTML Injection via Project Name
CVSS 3.3
CVE-2024-8776
MEDIUM
intumit smartrobot_firmware < 7.1.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-44059
MEDIUM
Custom Query Blocks <= 5.3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-44058
MEDIUM
CryoutCreations Parabola <= 2.4.1 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,461
Exploit Likelihood
High